Margi Murphy reports: Between the money bag and clown emojis, the lmfaos and the loooools, a pixelated thumbnail of a teenager covered in blood appeared in a Telegram group chat on a September afternoon in 2022. Noah Urban, then an 18-year-old living in Palm Coast, Florida, clicked play. He watched as the kid in the video begged him…
FOIA Document on Breach of Sensitive DHS Domestic Intelligence Sharing Portal
Today’s entry in our “No Need to Hack When It’s Leaking” files is courtesy of the Brennan Center, which obtained an internal oversight report detailing the two-months-long exposure of federal, state, and local intelligence about Americans. A 2024 internal oversight report from the Office of Intelligence and Analysis of the U.S. Department of Homeland Security…
Two teenage suspected Scattered Spider members charged in UK over TfL hack; U.S. unseals charges (1)
Alexander Martin reports: Two suspected members of the Scattered Spider cybercrime collective have been arrested and charged in the United Kingdom following an investigation into the hack of Transport for London (TfL) last year. The National Crime Agency (NCA) announced on Thursday that Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall,…
Survival Flight reports second cybersecurity incident in less than a year (1)
Survival Flight is an Arizona-headquartered firm that provides ground and air emergency medical transportation services. On August 12, they issued a substitute notice saying that on July 17, they had discovered a cybersecurity incident affecting its IT systems. In their substitute notice, which has not been updated as of this publication, they wrote: The investigation…
Microsoft seizes 338 websites to disrupt rapidly growing ‘RaccoonO365’ phishing service
Giles Bruce reports: Microsoft has seized 338 phishing websites associated with a cybercrime service that targeted at least 20 U.S. healthcare organizations. Using a court order granted by the U.S. District Court for the Southern District of New York, the tech giant’s Digital Crimes Unit disrupted RaccoonO365, which offers subscription-based phishing kits allowing novices to mimic official…
KR: Lotte Card hack exposes data of 3 million users
Choi Ji-won reports: Lotte Card said a hacking attack compromised the personal data of 2.97 million users, marking the biggest data breach this year. CEO Cho Jwa-jin on Thursday disclosed the findings of a probe by the Financial Supervisory Service and Financial Security Institute, in the first public announcement since regulators began investigating on Sept….